Present: Jamie, Aaron, Rob, Tony, James, Rip
Budget Review – took a quick look at remaining balances. Need to take a closer look at 341/equipment budget with Marshall. Also need to update the Training/Equipment budget in Org 347. Aaron will ask Sara about doing another C&C Budget report and if she can update the Org 347 spreadsheet (may need to wait for Marshall).
James will look at what it might cost to upgrade the switch for Skunkworks to an HP. Might cost a little more but it will provide better network management. Also Rob will look at what it might take to do fiber to Skunkworks.James is working on security audit. By doing it before July 1 we are allowed to do it the same way as was done in 2009. The new version of audit that we will need to respond to in 3 years has a lot of new requirements. This includes copies of policies that are a part of our controls. This means we have a lot of work to do in preparation for the annual certification due next year. A lot of this is documentation.
Managers will review the business resumption plan for discussion/updating at our meeting next week. Tony will send to managers a link to this document.
IDM – We are looking at Forefront ID Management with a campus agreement from Microsoft. Forefront has an upgrade in the next 2 weeks that we want to see before we make a final decision. Doing Forefront with a campus agreement will allow us to keep current with MS software without having to spend time on inventory of MS licenses. Jamie will check with Marshall on what the campus agreement might cost with Forefront ID Management.
File Shares – discussed options to improve file security. Option might be to keep shares at the same security level but that we ensure Appropriate Use Policy talks about what can be saved in these folders and look at implementing Sophos on hurricane so protected (financial type) data can’t be stored. If some business process has to have protected data saved on a file share, they use something like Banfiles which would not be available from off campus. Decision: (1) define what the category 4 data is, (2) define what cat 4 data would be exempt because we meet the intent, (3) update the appropriate use policy to incorporate and (4) implement the technical controls to prevent sensitive data storage on hurricane.